Hi again,
The tomcat filter (which remove the ticket) work around doesn't work
anymore, because the ticket is required somewhere (in the authentication
thing I guess) after the filter is applied.
Thomas
Thomas LOUBRIEU wrote:
Dear John,
I have tested further the CAS authentication provided with TDS, and I
have noticed one problem.
After the authentication, the first request is send to TDS with an
additional parameter which is "ticket=...".
I think this is used for initializing the session with the server.
It works well if the first request is on the 'html' form which does
not complain about extra parameters.
It works with the 'das' request as well, but if the first request is a
'dds' or 'ascii' or 'dods' request, it fails because the ticket
parameter is not understood.
Exemple of request :
http://www.ifremer.fr/thredds3/standard/dodsC/ARIVO-GLOBAL-ARIVO2002_07-OBS/FULL_TIME_SERIE.ascii?latitude&ticket=ST-72-FFr17wcSyYBaXIODlkof
What we did at IFREMER (in an extra tomcat filter), is to remove the
ticket parameter from the URL before sending it to the TDS servlet.
Please could you see if you could add this function in the TDS
built-in CAS authentication ?
Thanks,
Thomas
------------------------------------------------------------------------
Subject:
TDS and CAS authentication
From:
Thomas LOUBRIEU <tloubrie@xxxxxxxxxxxxxxxx>
Date:
Thu, 11 Sep 2008 13:55:08 +0200
To:
John Caron <caron@xxxxxxxxxxxxxxxx>
To:
John Caron <caron@xxxxxxxxxxxxxxxx>
Hi John,
Just a few words to let you know that I've finally moved our
authentication/authorization system to the CAS system you provided
with the TDS release.
It works well and for the moment it is the best way for us to handle
the authorization in TDS.
Do you have feedback on the usage of it through OPeNDAP client API
(ferret, python, matlab, java, ...) ?
We will focus on python and java to be able to request our restricted
datasets and I am confident, we'll be able to do so (even if some
minor adaptations of API may be required).
One of our restricted dataset is :
http://www.ifremer.fr/thredds3/subcatalogs/DATA_CENTERS/LPO/ARIVO-GLOBAL-ARIVO2002_07-OBS/ARIVO-GLOBAL-ARIVO2002_07-OBS_FULL_TIME_SERIE.html?dataset=ARIVO-GLOBAL-ARIVO2002_07-OBS_FULL_TIME_SERIE
(your login 'jc1eed0' should be still working).
Thanks you for having provided this CAS authentication within TDS.
Best regards,
Thomas
------------------------------------------------------------------------
_______________________________________________
thredds mailing list
thredds@xxxxxxxxxxxxxxxx
For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/
--
-------------------------------------------------------------
Thomas LOUBRIEU
IFREMER IDM/ISI
BP70
29280 Plouzane
FRANCE
email: Thomas.Loubrieu@xxxxxxxxxx
WWW : http://www.coriolis.eu.org/cdc
Tel.: (+33) (0)2 98 22 48 53
Fax: (+33) (0)2 98 22 46 44
-------------------------------------------------------------
